The building I'm in provides ethernet ports through the walls in each room, but it is stated in their policy that they "do not allow wireless routers."

They have been known to deactivate certain ethernet ports that have had wireless routers connected to them.

How is it possible to emperically determine if a device connected to an ethernet port is a router, or is "routing?" Routers have one IP to the outside world... that's the entire point, really, so how is this even possible?

3 Answers
3

I suspect that they're more concerned about the "wireless" part than the "router" part.

I have no special insight into what they're doing, but if I was going to discourage casual use of such devices, I would key in on the first three octets of the MAC address, which identifies the manufacturer by its OUI (Organizationally Unique Identifier).

How do you think devices broadcasting radio signals are detected?

That policy is almost certainly a paraphrase of the actual policy, which I suspect based upon experiece is actually:

We don't want people providing unsecured wireless hot-spots to the world. We give IP connectivity to you, the person with whom we have a contractual relationship, not to you and anyone else who just happens along. We don't want freeloaders to be able to piggyback off our service to you. We don't want random people with machines full of malwares to gain access to the organization's internal network. We don't want other radio signals interfering with our radio signals.

It's fairly easy to detect wireless routers, simply by doing what RedGrittyBrick alludes to. Looking at what's on the wired side of things, at mac addresses, IP addresses, and whatnot, is doing things the hard way. The offending devices are broadcasting a signal. (If they aren't broadcasting, they aren't part of the problem being tackled, of course.) So one just wanders around with equipment capable of detecting and receiving that signal. An ordinary laptop personal computer with a radio NIC would suffice.

A router or hub will start trying to manage their portion of the network and communicating with the host router/switches that your building uses. Most complexes will also scan for connected devices and use the network information to determine what kind of device that is connected. Unless told otherwise a router will readily identify itself as what it is.

You may want to ask the manager if you could be allowed to install a wireless access point. An access point would simply add wireless to the existing network without creating an of the network segmentation headaches more advanced equipment like a router would. Unless of course they really don't want a wireless presence, in which case it is better to abide by your residence rules rather than find yourself on the outs with the landlord/dorm manager.